About Me

My photo
This blog has been created to share technical information, interesting innovations that I notice on daily basis and Architectural/Consulting overview of various technologies. My areas of interest, on which I would be blogging, are VMware, Microsoft and Citrix Technologies. I hope you will enjoy this blog and share your experience with me.

Forefront Protection for Exchange 2010 (FPE) is unable to get updates from the Cloudmark Antispam Engine

Currently in our Exchange environment we were facing strange issues with the Forefront Protection for Exchange (FPE) on the Edge Servers

Issue Description:

Out of the 7 engines we are unable to get updates on the Cloudmark engine. (See picture)

Two event ids in the application event log as follows: (6019 and 6012)

Log Name:      Application
Source:        GetEngineFiles
Date:          9/9/2011 6:57:20 AM
Event ID:      6019
Task Category: Engine Error
Level:         Error
Keywords:      Classic
Computer:      Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
Scan Engine: Cloudmark

Log Name:      Application
Source:        GetEngineFiles
Date:          9/9/2011 6:57:20 AM
Event ID:      6012
Task Category: Engine Error
Level:         Error
Keywords:      Classic
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Cloudmark
   Error Code: 0x80004005
   Error Detail: Description: An error occurred while loading the scan engine.

We have already added the 4 URL’s on port 80 and 443 (cdn-microsupdates.cloudmark, lvc.cloudmark.com, pki.cloudmark.com and tracks.cloudmark.com) into our Cisco firewalls and the httpsinspection option is disable on the firewall. One strange thing we are noticing is the FPE client and Cloudmark server is resetting the connection as per the network trace

Resolution:

When running the two telnet tests, only the one to port 80 is successful. The one to port 443 fails.

telnet cdn-microupdates.cloudmark.com 80
telnet lvc.cloudmark.com 443

The connection errors you are seeing have been seen before and are due to the firewall still having a restriction to the ports. In this case, port 443 is still being block which is preventing the Micro Updates from coming through.

The networking team on our side figured out the URL were not getting resolved properly for https connections and they decided to add the IP address for all the URL’s instead of the names and problem got fixed.

lvc.cloudmark.com: 208.83.138.34

cdn-microsupdates.cloudmark.com: 93.184.215.73

pki.cloudmark.com: 208.83.136.39

crl.microsoft.com: 207.152.124.49, 205.177.95.229, 198.173.20.88

forefrontdl.microsoft.com: 198.63.194.0/24, 198.173.2.0/24, 207.109.221.0/24, 198.63.196.51, 205.234.218.11, 63.216.54.57, 69.31.106.35, 128.242.191.32, 207.152.124.91, 198.63.203.49, 205.234.225.152, 198.173.20.113, 63.236.252.201, 63.236.252.232, 69.31.102.90, 63.216.54.42, 209.18.42.152, 64.145.91.135, 64.145.91.126, 205.234.218.35

I hope this information would be useful for people troubleshooting FPE issues and will save atleast couple of days worth of troubleshooting efforts.
If you like this post please leave your comments and don’t forget to say thanks.

Best Regards,

Aresh Sarkari

 


SCVMM R2: You cannot contact the Virtual Machine Manager server. ID: 1605

I am logging onto the same machine where SCVMM is installed. I am part of the Local Administrators group when i open the VMM Admin Console i am receiving the following error. Although my account is not the same account using which the VMM was installed. However, my understanding is if i am local admin i can open the console because by default under VMM console under administration administrator group is added.

You cannot contact the Virtual Machine Manager server. The credentials provided have the insufficient privileges on localhost. Ensure that your account has the access to Virtual Machine Manager server localhost, and then try the operation again

ID: 1605

vmmerror

VMM services is running on "Local System"
VMM version is R2 and not beta.
VMM machine is part of the domain

Solution:

Domain Administrator group would have the by default access to SCVMM Admin Console. Though, I was the local admin on the box I would be required to add explicitly onto the User Roles - Administrator membership (See the below mentioned screenshot). After adding the account here issue was resolved.

sol

Leave your valuable comments here..

Best Regards,

Aresh Sarkari

My Blog List